OpenStack-Ansible Trove

OpenStack-Ansible Trove

This Ansible role installs Trove.

To clone or view the source code for this repository, visit the role repository for os_trove.

Default variables

#
# (c) 2016 Donovan Francesco <donovan.francesco@is.co.za>
# (c) 2016 Paul Stevens <paul.stevens@is.co.za>

trove_package_state: "latest"
trove_pip_package_state: "latest"

debug: false
trove_system_group_name: trove
trove_system_user_name: trove
trove_system_user_comment: Trove System User
trove_system_user_shell: /bin/false
trove_system_user_home: "/var/lib/{{ trove_system_user_name }}"
trove_log_directory: /var/log/trove
trove_etc_directory: /etc/trove

trove_api_program_name: trove-api
trove_conductor_program_name: trove-conductor
trove_taskmanager_program_name: trove-taskmanager

trove_admin_user_name: admin_trove_user

trove_service_name: trove
trove_service_user_name: "{{ trove_admin_user_name }}"
trove_service_tenant_name: trove_for_trove_usage
trove_service_type: database
trove_service_description: "OpenStack DBaaS (Trove)"
trove_service_project_name: "{{ trove_service_tenant_name }}"
trove_service_admin_role_names:
  - admin
trove_service_region: RegionOne
trove_service_host: "0.0.0.0"
trove_service_port: 8779
trove_service_proto: http
trove_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(trove_service_proto) }}"
trove_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(trove_service_proto) }}"
trove_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(trove_service_proto) }}"
trove_service_publicurl: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_service_internalurl: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_service_adminurl: "{{ trove_service_adminuri_proto }}://{{ internal_lb_vip_address }}:{{ trove_service_port }}/v1.0/%(tenant_id)s"
trove_auth_url: "{{ keystone_service_internalurl }}"

# By default assume the trove service network is an internal one
# It would be good to use the catalog service to lookup these URLs based on the endpoint type
# but currently the Trove code doesn't work properly when endpoint types are specified
trove_nova_compute_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ nova_service_port }}/v2.1"
trove_cinder_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ cinder_service_port }}/v1"
trove_swift_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"
trove_neutron_url: "{{ trove_service_internaluri_proto }}://{{ internal_lb_vip_address }}:{{ neutron_service_port }}/"

trove_profiler_enabled: false

## Cap the maximum number of threads / workers when a user value is unspecified.
trove_api_workers_max: 16
trove_api_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, trove_api_workers_max] | min }}"

## Cap the maximum number of threads / workers when a user value is unspecified.
trove_conductor_workers_max: 16
trove_conductor_workers: "{{ [[ansible_processor_vcpus|default(2) // 2, 1] | max, trove_conductor_workers_max] | min }}"

# Name of the virtual env to deploy into
trove_venv_tag: untagged
trove_bin: "/openstack/venvs/trove-{{ trove_venv_tag }}/bin"

# venv_download, even when true, will use the fallback method of building the
# venv from scratch if the venv download fails.
trove_venv_download: "{{ not trove_developer_mode | bool }}"
trove_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/trove.tgz

trove_git_repo: "https://git.openstack.org/openstack/trove"
trove_git_install_branch: "stable/queens"

trove_developer_mode: false
trove_developer_constraints:
  - "git+{{ trove_git_repo }}@{{ trove_git_install_branch }}#egg=trove"

#: Set this to false to disable API service through Apache + mod_wsgi
trove_use_mod_wsgi: false

## Apache setup
trove_apache_log_level: info
trove_apache_servertokens: "Prod"
trove_apache_serversignature: "Off"
trove_wsgi_threads: 1
## Cap the maximum number of processes when a user value is unspecified.
trove_wsgi_processes_max: 32
trove_wsgi_processes: "{{ [[ansible_processor_vcpus|default(1), 1] | max * 2, trove_wsgi_processes_max] | min }}"

# set trove_ssl to true to enable SSL configuration on the trove containers
trove_ssl: false
trove_ssl_cert: /etc/ssl/certs/trove.pem
trove_ssl_key: /etc/ssl/private/trove.key
trove_ssl_ca_cert: /etc/ssl/certs/trove-ca.pem
trove_ssl_protocol: "{{ ssl_protocol | default('ALL -SSLv2 -SSLv3') }}"
trove_ssl_cipher_suite: "{{ ssl_cipher_suite | default('ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:RSA+AESGCM:RSA+AES:!aNULL:!MD5:!DSS') }}"

# if using a self-signed certificate, set this to true to regenerate it
trove_ssl_self_signed_regen: false
trove_ssl_self_signed_subject: "/C=US/ST=Texas/L=San Antonio/O=IT/CN={{ internal_lb_vip_address }}/subjectAltName=IP.1={{ external_lb_vip_address }}"

# Database vars
trove_galera_database_name: trove
trove_galera_user: trove
trove_galera_address: "{{ internal_lb_vip_address }}"
trove_db_sync_options:
trove_galera_use_ssl: "{{ galera_use_ssl | default(False) }}"
trove_galera_ssl_ca_cert: "{{ galera_ssl_ca_cert | default('/etc/ssl/certs/galera-ca.pem') }}"
trove_galera_connection_string: "mysql+pymysql://{{ trove_galera_user}}:{{ trove_galera_password }}@{{ trove_galera_address }}/{{ trove_galera_database_name }}?charset=utf8{% if trove_galera_use_ssl | bool %}&ssl_ca={{ trove_galera_ssl_ca_cert }}{% endif %}"

# Rabbit vars
trove_control_exchange: trove
trove_rabbit_notification_topic: notification
trove_rabbitmq_userid: trove
trove_rabbitmq_vhost: /trove
trove_rabbitmq_use_ssl: False
trove_rabbitmq_port: 5672
trove_rabbitmq_servers: "{{ rabbitmq_servers }}"

# The trove guest agent in the deployed DB VMs need access to OpenStack services (keystone, swift, etc)
# and also to rabbitmq. The way it gets access (networking) these services may differ.
# By default assume:
#   OpenStack services are accesses through public interfaces
#   Infrastructure services (rabbitmq) are accessed through the defined provider network.
#
# The value of 'net_name' field of the provider network network to use for infrastructure services
trove_provider_net_name: dbaas-mgmt
trove_provider_network: "{{ provider_networks|map(attribute='network')|selectattr('net_name','defined')|selectattr('net_name', 'equalto', trove_provider_net_name)|list|first }}"
# The value of 'ip_from_q' field
trove_provider_ip_from_q: "{{ trove_provider_network['ip_from_q'] }}"
# The name of the network address pool
trove_container_net_name: "{{ trove_provider_ip_from_q }}_address"
trove_guest_rabbitmq_servers: "{% for host in groups[rabbitmq_host_group] %}{{ hostvars[host]['container_networks'][trove_container_net_name]['address'] }}{% if not loop.last %},{% endif %}{% endfor %}"
trove_guest_rabbitmq_use_ssl: "{{ trove_rabbitmq_use_ssl }}"
# For OpenStack services that have public, admin, and internal access, use the public ones for the guest VMs.
trove_guest_auth_url: "{{ keystone_service_publicurl }}"
trove_guest_swift_url: "{{ trove_service_publicuri_proto }}://{{ external_lb_vip_address }}:{{ swift_proxy_port }}/v1/AUTH_"

# Trove service network settings.
# These values are used when creating an OpenStack network to be used by Trove. By default the network will
# not be created.
trove_service_net_setup: False
trove_service_net_validate_certs: "False"
trove_service_net_phys_net: dbaas-mgmt
trove_service_net_type: flat
trove_service_net_name: dbaas_service_net
trove_service_subnet_name: dbaas_service_subnet
trove_service_net_subnet_cidr: "192.168.20.0/24"
trove_service_net_dhcp: "True"
trove_service_net_allocation_pool_start: "192.168.20.100"
trove_service_net_allocation_pool_end: "192.168.20.120"
trove_service_net_endpoint_type: internal

# RPC encryption keys
# See the Trove documentation as to the significance of the rpc encryption keys
# Trove supplies default values but we enforce they not be left to their default values
trove_enable_secure_rpc_messaging: "True"
trove_required_secrets:
  - trove_galera_password
  - trove_rabbitmq_password
  - trove_service_password
  - trove_admin_user_password
  - trove_taskmanager_rpc_encr_key
  - trove_inst_rpc_key_encr_key

# Keystone AuthToken/Middleware
trove_keystone_auth_plugin: "{{ trove_keystone_auth_type }}"
trove_keystone_auth_type: password
trove_service_project_domain_name: Default
trove_service_user_domain_name: default
trove_service_project_domain_id: default
trove_service_user_domain_id: default

trove_conductor_service_name: "{{ trove_conductor_program_name }}"
trove_taskmanager_service_name: "{{ trove_taskmanager_program_name }}"

#Glance images
trove_glance_images: []

trove_requires_pip_packages:
  - httplib2
  - python-glanceclient
  - python-keystoneclient
  - virtualenv
  - shade
  - futures

trove_pip_packages:
  - cryptography
  - os-client-config
  - pexpect
  - PyMySQL
  - python-troveclient
  - python-memcached
  - trove

# This variable is used by the repo_build process to determine
# which host group to check for members of before building the
# pip packages required by this role. The value is picked up
# by the py_pkgs lookup.
trove_role_project_group: trove_all

## Tunable overrides
trove_config_overrides: {}
trove_api_paste_ini_overrides: {}
trove_conductor_config_overrides: {}
trove_taskmanager_config_overrides: {}
trove_guestagent_config_overrides: {}
trove_policy_overrides: {}

trove_api_init_config_overrides: {}
trove_conductor_init_config_overrides: {}
trove_taskmanager_init_config_overrides: {}

Dependencies

This role needs pip >= 7.1 installed on the target host.

To use this role, define the following variables:

# Service and user passwords
trove_galera_password:
trove_rabbitmq_password:
trove_service_password:
trove_admin_user_password:

# Trove RPC encryption keys.
trove_taskmanager_rpc_encr_key:
trove_inst_rpc_key_encr_key:

This list is not exhaustive at present. See role internals for further details.

Example playbook

- name: Install trove
   hosts: all
   user: root
   roles:
     - role: "openstack-ansible-os_trove"
Creative Commons Attribution 3.0 License

Except where otherwise noted, this document is licensed under Creative Commons Attribution 3.0 License. See all OpenStack Legal Documents.